Syntax error in FROM clause in vb.net

Time: 2014-05-09 04:13:52

Tags: vb.net

Dim nm As String
Dim pass As String
nm = TextBox1.Text
pass = TextBox2.Text

Try
    cn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Pavilion\Documents\Visual Studio 2010\Projects\WindowsApplication5\Ent.accdb"
    cn.Open()
    Dim sql As String
    sql = "SELECT * FROM user WHERE UName='" & nm & "'AND Pwd='" & pass & "'"
    cmd = New OleDbCommand(sql, cn)
    dr = cmd.ExecuteReader
    While (dr.Read())
        If ((nm.Equals(dr(0))) And pass.Equals(dr(1))) Then
            MessageBox.Show("Login Sucessful")
        End If
    End While
Catch ex As Exception
    MsgBox("Login Failed :" & ex.Message)
End Try

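This code gives the following error: syntax error in FROM clause

4 answers:

Answer 0: (score: 1)

If the code you posted is copied and pasted, then you are missing a space between the user name and the AND keyword.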

Your code:

"SELECT * FROM user WHERE UName='" & nm & "'AND Pwd='" & pass & "'"

Should be:

"SELECT * FROM user WHERE UName='" & nm & "' AND Pwd='" & pass & "'"

However, you should use a parameterized query to avoid the possibility of SQL injection attacks. Like this:

sql = "SELECT * FROM user WHERE UName=@nm AND Pwd=@pass"
cmd = New OleDbCommand(sql, cn)
cmd.Parameters.AddWithValue("@nm", TextBox1.Text)
cmd.Parameters.AddWithValue("@pass", TextBox2.Text)
cmd.CommandType = CommandType.Text
dr = cmd.ExecuteReader

Answer 1: (score: 1)

@Tim is correct, but I think your SQL may also have a problem, because user is a reserved word. If I execute

SELECT * FROM user WHERE UName='fred' AND Pwd='123'

in SQL Server, I am told: Incorrect syntax near the keyword 'user'.

You can overcome this by putting [] around the table name, i.e.

Select * FROM [user] WHERE UName='fred' AND Pwd='123'

Answer 2: (score: 0)

Try

            cn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Pavilion\Documents\Visual Studio 2010\Projects\WindowsApplication5\Ent.accdb"
            cn.Open()
            Dim sql As String
            sql = "SELECT * FROM user WHERE UName='" + nm + "'AND Pwd='" + pass + "'"
            cmd = New OleDbCommand(sql, cn)
            dr = cmd.ExecuteReader
            While (dr.Read())
                If ((nm.Equals(dr(0))) And pass.Equals(dr(1))) Then
                    MessageBox.Show("Login Sucessful")
                End If
            End While
        Catch ex As Exception
            MsgBox("Login Failed :" & ex.Message)
        End Try

Answer 3: (score: 0)

 "SELECT Firstname FROM [RegUser] where Firstname=@d3 and password=@d4"

I just enclosed my table name in square brackets and it worked. I hope this helps you a lot.
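
The fixes from the answers above (bracketed table name, parameterized query) combined into one login check, as an added example that is not code from any of the posters. The connection string path is a placeholder, the `CheckLogin` helper name is hypothetical, and the table and column names are taken from the question.

```vb
Imports System.Data.OleDb

Module LoginExample
    ' Assumed placeholder; point this at your own .accdb file.
    Private Const ConnStr As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\Ent.accdb"

    ' Hypothetical helper: returns True when a row matches both values.
    ' Table and column names (user, UName, Pwd) come from the question.
    Public Function CheckLogin(userName As String, password As String) As Boolean
        ' [user] is bracketed because user is a reserved word (see the answers).
        ' OLE DB binds parameters by position, so ? markers are used and the
        ' Add calls below must follow the order of the markers.
        Const sql As String =
            "SELECT COUNT(*) FROM [user] WHERE UName = ? AND Pwd = ?"

        Using cn As New OleDbConnection(ConnStr)
            Using cmd As New OleDbCommand(sql, cn)
                ' Explicit type and length instead of AddWithValue, so the
                ' provider does not have to infer them from the value.
                cmd.Parameters.Add("@nm", OleDbType.VarWChar, 255).Value = userName
                cmd.Parameters.Add("@pass", OleDbType.VarWChar, 255).Value = password
                cn.Open()
                ' COUNT(*) always returns exactly one row with one integer.
                Return Convert.ToInt32(cmd.ExecuteScalar()) > 0
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed inputs. The apostrophe in the second name would end the
        ' string literal early in the concatenated query from the question;
        ' as a bound parameter it is compared as plain data.
        Try
            Console.WriteLine(CheckLogin("fred", "123"))
            Console.WriteLine(CheckLogin("O'Brien", "x"))
        Catch ex As OleDbException
            Console.WriteLine("Database error: " & ex.Message)
        End Try
    End Sub
End Module
```

The `Using` blocks close the connection and command even when an exception is thrown, which the original `Try`/`Catch` around a shared `cn` does not do.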